Russian Hackers Release Stolen Abortion Records on Dark Web


People’s stolen data is published on the dark web under a “good list” and a “bad list”. Photo Brendon Thorne/Bloomberg via Getty Images

Hackers who stole a trove of data from one of Australia’s largest private health insurers are dripping sensitive details about customers’ diagnoses and medical procedures, including abortions, onto the dark web.

The leaks started to trickle out on Wednesday, when the hackers – who contacted Medibank at the end of October to reveal they had stolen 200 gigabytes of customer data from the health insurer – followed through on their threat to release the information unless they received a ransom of $9.7 million. The cybercriminals have since revealed that this figure is based on a ransom demand of $1 per customer.

The stolen data is being published in tranches on the ransomware group’s blog as downloadable files labeled “good-list” and “naughty-list”. Leaks so far have included patients’ addresses, phone numbers and passport numbers, as well as details of health conditions such as alcohol abuse, anxiety, drug addiction, and cannabis and opioid dependency. The so-called “naughty list” is said to include private claims from prominent figures relating to drugs or mental health issues.

In the latest leak on Thursday evening, the names of more than 300 Medibank customers were uploaded in a file named “Abortions.csv”. The file reportedly contained a spreadsheet with the details of 303 patients, along with billing codes relating to terminations of pregnancy, including non-viable pregnancy, miscarriage and ectopic pregnancy.

“The company is asking us for a ransom, it’s 10 million USD (15.5 million Australian dollars). We can give a discount of 9.7 million (15 million Australian dollars) 1 $ (1.60 Australian dollars) = 1 customer,” one blog post read.

Medibank confirmed that since Friday the personal details of more than five million customers have been released.

Speaking to the media on Friday afternoon, Australian Federal Police (AFP) Commissioner Reece Kershaw said authorities believed the hackers responsible for the cyber theft were from Russia, saying “our intelligence indicates that [they’re] a loosely affiliated group of cybercriminals who are likely responsible for significant past breaches in countries around the world.

“These cybercriminals operate like a business with affiliates and associates supporting the business,” he added. “We also believe that some affiliates may be in other countries.”

The Australian Broadcasting Corporation reports that authorities suspect the perpetrators are members of the notorious Russian cybercriminal gang REvil, and that although the group is not considered part of the Russian state, it operates with the protection of President Vladimir Putin.

Some of the group’s most notable exploits include the May 2021 cyberattack on the Colonial Pipeline that led to widespread gas shortages on the US East Coast, the attack on software company Kaseya – which crippled up to 1,500 businesses – and an attack on JBS Foods, the world’s largest meat supplier, which paid the hackers $11 million.

The Russian Federal Security Service (FSB) claims to have dismantled REvil in January, following raids on 25 different sites in Moscow, St. Petersburg and Lipetsk that resulted in the arrest of 14 people allegedly involved in the gang’s operations. The FSB said in a statement at the time that 20 luxury cars, 426 million rubles, $600,000 and €500,000 were seized in the raids.

Kershaw said Friday that while authorities thought they knew who the people responsible for the Medibank hack were, he would not name them.

“What I will say is that we will have talks with Russian law enforcement about these individuals,” he said, noting that as a member of INTERPOL, Russia has the obligation to help bring cybercriminals to justice. “Russia benefits from intelligence sharing and data shared through INTERPOL, and with that comes responsibility and accountability.”

He also reiterated that “Australian Government policy does not condone the payment…of ransoms to cybercriminals” and that this “fuels a business model of cybercrime”.

Medibank published a public statement on Monday morning declaring that “no ransom will be paid to the criminal responsible for this data theft”.

“Based on the extensive advice we have received from cybercrime experts, we believe there is only a limited chance that paying a ransom would secure the return of our customers’ data and prevent it from being published,” said the health insurer. “In fact, paying could have the opposite effect and induce the criminal to extort our customers directly.”

The Medibank hack follows a string of unrelated cyberattacks on Australian businesses in recent weeks and months in which citizens’ data has been targeted by hackers. These include attacks on telecom provider Optus, the Woolworths supermarket chain and even classified AFP documents, which exposed agents working to stop international drug cartels.

Follow Gavin Butler on Twitter.
